How to Publish Maven Artifacts to Sonatype with Gradle 6.2: A Step‑by‑Step Guide

Learn how to create a Sonatype account, configure Maven POM metadata, add source and Javadoc jars, sign artifacts with GPG, set up Gradle publishing plugins, and deploy both SNAPSHOT and RELEASE versions to Sonatype’s OSS repository using Gradle 6.2.

Tech Musings

Apply for a Sonatype Account

Register at https://issues.sonatype.org/.

Create an issue and fill in Group Id, Project URL, and SCM URL. Group Id can be your domain or com.io.github+your‑GitHub‑username.

Submit and wait for a response.

If the Group Id is a domain you own, verify it by adding a TXT DNS record.

Complete Required POM Information

groupId
artifactId
version
name
description
url
licenses: name, url
developers: name, email
scm: connection, developerConnection, url

Refer to the official requirements at https://central.sonatype.org/pages/requirements.html for details.

Add Maven Publish Plugin

In the plugins block of build.gradle add:

id "maven-publish"

Configure Source and Javadoc Jars

Include the following in build.gradle:

java {
    withJavadocJar()
    withSourcesJar()
}

Sign the Artifact

Use GPG (on Windows, Gpg4win is common). Command‑line signing is recommended.

Generate a key:

gpg --gen-key

List keys to find the last eight characters (key_id):

gpg --list-keys

Generate a revocation certificate:

gpg --output revoke.asc --gen-revoke <key_id>

Upload the public key to a key server, e.g.,

gpg --keyserver hkp://pool.sks-keyservers.net --send-keys <key_id>

Verify upload:

gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys <key_id>

Add Signing Plugin Configuration

In the plugins block of build.gradle add:

id "signing"

Then configure the plugin to sign the publication:

signing {
    sign publishing.publications.mavenJava
}
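The signing block above refers to a publication named mavenJava, and the POM section lists the fields Sonatype requires, but the guide does not show the publication itself. One way to declare it is sketched below as an added example (not code from the original article); the group, artifactId, names, e-mail, license and URLs are placeholder assumptions to replace with your own.

```groovy
// Added example: declares the mavenJava publication that the signing block signs.
// All coordinates, names and URLs are placeholders (assumptions), not values from the guide.
group = 'io.github.example-user'
version = '1.0.0-SNAPSHOT'

publishing {
    publications {
        mavenJava(MavenPublication) {
            artifactId = 'example-lib'
            // Publishes the main jar plus the sources and Javadoc jars
            // enabled by withSourcesJar() / withJavadocJar() in the java block.
            from components.java
            pom {
                // Required POM fields from the list earlier in the guide.
                name = 'Example Library'
                description = 'Placeholder description of the library'
                url = 'https://github.com/example-user/example-lib'
                licenses {
                    license {
                        name = 'The Apache License, Version 2.0'
                        url = 'https://www.apache.org/licenses/LICENSE-2.0.txt'
                    }
                }
                developers {
                    developer {
                        name = 'Example Developer'
                        email = 'dev@example.com'
                    }
                }
                scm {
                    connection = 'scm:git:git://github.com/example-user/example-lib.git'
                    developerConnection = 'scm:git:ssh://github.com/example-user/example-lib.git'
                    url = 'https://github.com/example-user/example-lib'
                }
            }
        }
    }
}
```

Keep the signing block after this publishing block in build.gradle, because it looks up publishing.publications.mavenJava when it is evaluated.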

Configure Repository URLs

In the publishing section of build.gradle add:

repositories {
    maven {
        def releasesRepoUrl = "https://oss.sonatype.org/service/local/staging/deploy/maven2/"
        def snapshotsRepoUrl = "https://oss.sonatype.org/content/repositories/snapshots/"
        url = version.endsWith('SNAPSHOT') ? snapshotsRepoUrl : releasesRepoUrl
        credentials {
            username ossrhUsername
            password ossrhPassword
        }
    }
}

This routes SNAPSHOT versions to the snapshot repository and all other versions to the release repository.

Local Testing

Run the following to publish to your local Maven cache:

./gradlew publishToMavenLocal

Inspect the local repository to verify the artifact structure.

Configure Credentials and Keys

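Add the following lines to ~/.gradle/gradle.properties (replace xxx with your actual values). Keeping them in this user-level file, rather than in the project's own gradle.properties, keeps the passwords out of version control: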

signing.keyId=xxx
signing.password=xxx
signing.secretKeyRingFile=xxx
ossrhUsername=xxx
ossrhPassword=xxx

Publish to SNAPSHOT Repository

Ensure the version ends with SNAPSHOT and run:

./gradlew publishMavenJavaPublicationToMavenRepository

After completion, verify the artifact at http://oss.sonatype.org under the Snapshots view.

Publish to RELEASE Repository

For non‑SNAPSHOT versions, the process uses a staging repository:

Run ./gradlew publishMavenJavaPublicationToMavenRepository.

Log in to http://oss.sonatype.org, go to Build Promotion → Staging Repositories.

Close the staging repository to trigger validation.

After validation, click Release to push the artifact to the release repository.

After release, the artifact can take up to 10 minutes to appear in Sonatype, a few hours to appear on search.maven.org, and up to a day to reach other mirrors.

Publishing New Versions and New Artifacts

To publish a new version, repeat the RELEASE steps with the updated version number.

To publish a new artifact under an already‑approved Group Id, simply add a new artifactId and follow the same workflow; a new Group Id requires a fresh account request.

Written by

Tech Musings
